Some say that the cost of exploit development has become so high that it has driven much of the offensive security research underground. So is it futile to patch if exploit development is expensive and time-consuming?

At this year's Information Security Decisions, a security researcher panel made up of Alexander Sotirov from VMware, Dave Aitel of Immunity Security Inc, Billy Hoffman of HP and Matasano Security's Tom Ptacek discusses the question, as well as the future of the software development lifecycle.